root-enter: upgrade to 9

go back to shell script
ptrcnull 2023-02-25 07:41:32 +01:00
parent b57062484a
commit d9779306e4
Signed by: ptrcnull
GPG key ID: 411F7B30801DD9CA
2 changed files with 94 additions and 74 deletions


@ -1,13 +1,12 @@
# Contributor: Patrycja Rosa <alpine@ptrcnull.me> # Contributor: Patrycja Rosa <alpine@ptrcnull.me>
# Maintainer: Patrycja Rosa <alpine@ptrcnull.me> # Maintainer: Patrycja Rosa <alpine@ptrcnull.me>
pkgname=root-enter pkgname=root-enter
pkgver=8 pkgver=9
pkgrel=0 pkgrel=0
pkgdesc="enter chroot with mounts" pkgdesc="enter chroot with mounts"
url="https://git.ddd.rip/ptrcnull/ptrcports" url="https://git.ddd.rip/ptrcnull/ptrcports"
arch="noarch" arch="noarch"
license="BSD-2-Clause" license="BSD-2-Clause"
depends="execline"
source="enter" source="enter"
builddir="$srcdir" builddir="$srcdir"
options="!check" options="!check"
@ -17,5 +16,5 @@ package() {
} }
sha512sums=" sha512sums="
2c46100bb0c1a2a1b683d3e6070a970fcdd0bf688ccdfa3bcf4310b8f4ea0a69946a3a1b3cffec18af70eb09fb53a977a034318a7be4f103a864239880f4a1be enter 4a054f60ded2e17c8eca35ff30b2e23b00dba58b7208f62121ffce849502838022f61ea2a1ddc4b6c80e63cbb33e1a331f1d7aecace5ada5bd6b0ae23cd790ea enter
" "


@ -1,83 +1,104 @@
#!/bin/execlineb #!/bin/sh
set -eu
elgetopt "be:u:c:" # make sure we're root
if [ "$(id -u)" != 0 ]; then
sucmd="su -c"
if command -v doas >/dev/null; then
sucmd="doas"
elif command -v sudo >/dev/null; then
sucmd="sudo"
fi
multisubstitute { exec $sucmd env HOME="$HOME" USERNAME="$(id -u -n)" "$0" "$@"
importas -D "0" build ELGETOPT_b fi
importas -D "" extra_mounts ELGETOPT_e
importas -D "" user_arg ELGETOPT_u
importas -D "" command_arg ELGETOPT_c
importas -D "" dest 1
importas -i USER USER
importas -i HOME HOME
}
# and make sure we're in a separate mount namespace
if [ "$(readlink /proc/$$/ns/mnt | cut -d: -f2)" = "$(readlink /proc/1/ns/mnt | cut -d: -f2)" ]; then
exec unshare -m "$0" "$@"
fi
bindpoints="/etc/resolv.conf"
command=""
user="$USERNAME"
while getopts "be:u:c:" opt; do
case $opt in
'b') bindpoints="
$bindpoints
$HOME/aports
$HOME/packages
$HOME/.abuild
" ;;
'e') bindpoints="$bindpoints $OPTARG" ;;
'u') user="$OPTARG" ;;
'c') command="$OPTARG" ;;
*) echo "unknown $opt" ;;
esac
done
shift $(( $OPTIND - 1 ))
dest="$1"
shift shift
elgetpositionals
emptyenv -oP
backtick -D "ash -l" command { if [ ! -d "$dest" ]; then
ifelse { test -n $command_arg } { echo "no such directory: $dest"
echo $command_arg exit 1
} fi
ifelse { test $# -gt 0 } { if [ ! -x "$dest"/bin/sh ]; then
echo $@ echo "$dest does not contain executable /bin/sh"
} exit 1
fi
echo ash -l mount -t proc proc "$dest"/proc
} mount -t sysfs sysfs "$dest"/sys
importas -ui command command mount -t tmpfs tmpfs "$dest"/tmp
# TODO: add -s to that when not using `su` later # some mini kernels don't have devtmpfs
if grep -q devtmpfs /proc/filesystems; then
mount -t devtmpfs devtmpfs "$dest"/dev
else
mount -t tmpfs tmpfs "$dest"/dev
backtick -D "" -E user { ifelse { test -n $user_arg } { echo $user_arg } echo $USER } if [ -x "$dest"/sbin/mdev ]; then
echo "devtmpfs not supported - running 'mdev -s' instead"
chroot "$dest" /sbin/mdev -s
else
echo "devtmpfs not supported - devices need to be created manually"
fi
fi
mount -t devpts devpts "$dest"/dev/pts
mount -t tmpfs tmpfs "$dest"/dev/shm
backtick -D "" -E build_mounts { for bindpoint in $bindpoints; do
if { test $build = 1 } if [ -f "$bindpoint" ]; then
echo " touch "$dest"/"$bindpoint"
${HOME}/aports else
${HOME}/packages mkdir -p "$dest"/"$bindpoint"
${HOME}/.abuild fi
"
}
define -s -C bindpoints "/etc/resolv.conf ${build_mounts} ${extra_mounts}" mount --bind "$bindpoint" "$dest"/"$bindpoint"
done
ifelse -n { test -d $dest } { # if running on chromeos, fixup symlink exec
foreground { echo "no such file or directory: $dest" } # https://goo.gl/8xICW6
exit 1 # https://github.com/dnschneid/crouton/commit/5cb7ad05
} if [ -e "/run/chrome" ]; then
if mount -n -t securityfs -o nodev,noexec,nosuid securityfs /sys/kernel/security; then
policies=/sys/kernel/security/chromiumos/inode_security_policies
if [ -d "$policies" ]; then
for policy in "$policies/allow_"*; do
printf "$(realpath "$dest")" > "$policy"
done
fi
umount /sys/kernel/security
fi
fi
ifelse -n { test -x ${dest}/bin/sh } { if [ "$command" ]; then
foreground { echo "$dest does not contain executable /bin/sh" } exec chroot "$dest" su $user -c "$command"
exit 1 elif [ "$#" -gt 0 ]; then
} exec chroot "$dest" su $user -c "$*"
else
backtick -E uid { id -u } exec chroot "$dest" login -f $user
backtick -E -D "exec" sucmd { if { test $uid != 0 } echo doas } fi
$sucmd
unshare -m
foreground { mount -t devtmpfs devtmpfs ${dest}/dev }
foreground { mount -t tmpfs shm ${dest}/dev/shm }
foreground { mount -t devpts devpts ${dest}/dev/pts }
foreground { mount -t sysfs sysfs ${dest}/sys }
foreground { mount -t proc proc ${dest}/proc }
foreground { mount -t tmpfs tmpfs ${dest}/tmp }
foreground {
forx -E point { $bindpoints }
# ensure $point exists in destination
ifthenelse { test -f $point } {
touch ${dest}${point}
} {
mkdir -p ${dest}${point}
}
mount --bind $point ${dest}${point}
}
chroot ${dest}
su $user -c "$command"
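Review bot: On the new shell side, the final `if` block expands `$user` unquoted in both `su $user -c …` calls and in `login -f $user`, so a value from `-u` or the inherited `USERNAME` that contains whitespace or starts with `-` is split into extra arguments for commands running as root, and `login -f` skips authentication. Quoting it at all three call sites, as in `su "$user" -c "$command"` and `login -f "$user"`, keeps it a single argument. Separately, `user="$USERNAME"` aborts under `set -eu` when the script is started directly as root with no `USERNAME` in the environment; `user="${USERNAME:-$(id -u -n)}"` would keep that path working. In the ChromeOS fixup, `printf "$(realpath "$dest")"` uses the path as a format string, so a `%` or backslash in it reaches the policy file mangled; `printf '%s' "$(realpath "$dest")"` writes it literally.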